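#!/bin/bash
# $Id: alcasar-dns-local.sh 2838 2020-06-21 22:15:26Z rexy $

# alcasar-dns-local.sh
# by Rexy - 3abtux
# This script is distributed under the Gnu General Public License (GPL)

# active ou desactive la redirection du service DNS sur le réseau de consultation
# enable or disable the redirector of internal DNS service on consultation LAN
#
# Every action below rewrites files under /etc (hosts, unbound, alcasar.conf)
# and restarts the DNS units, so the script is meant to be run with root rights.
# Required input: $ALCASAR_CONF_FILE with the KEY=value lines read further down.

SED="/bin/sed -i"

ALCASAR_CONF_FILE="/usr/local/etc/alcasar.conf"
LOCAL_DOMAIN_CONF_FILE="/etc/unbound/conf.d/common/local-forward/dns-redirector.conf"
LOCAL_HOSTNAME_FILE="/etc/hosts"

# define DNS parameters (LAN side)
# Each value comes from alcasar.conf as "KEY=value". The key is anchored at the
# start of the line for every lookup (INT_DNS_ACTIVE was the only one that was
# not, so a commented-out or look-alike key could have been picked up).
INT_DNS_DOMAIN=$(grep ^DOMAIN "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
INT_DNS_HOST=$(grep ^HOSTNAME "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
INT_DNS_IP_MASK=$(grep ^PRIVATE_IP "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
# address part of the CIDR value (PRIVATE_IP is "a.b.c.d/prefix")
INT_DNS_IP=$(cut -d"/" -f1 <<<"$INT_DNS_IP_MASK")
INTIF=$(grep ^INTIF "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
INT_DNS_ACTIVE=$(grep ^INT_DNS_ACTIVE "$ALCASAR_CONF_FILE" | cut -d"=" -f2)
# generated unbound files, one per consultation interface
LOCAL_DNS_FILE="/etc/unbound/conf.d/common/local-dns/$INTIF.conf"
LOCAL_DNS_BLACKHOLE_FILE="/etc/unbound/conf.d/blackhole/iface.$INTIF.conf"

usage="Usage: alcasar-dns-local.sh {--on | -on} | {--off | -off} | {--add | -add} ip domain | {--del | -del} ip domain | {--reload | -reload}"
nb_args=$#
args=$1
# no action given: print the usage and fail
if [ "$nb_args" -eq 0 ]
then
        echo "$usage"
        exit 1
fi
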
#######################################
# Restart every DNS-related unit so that regenerated configuration is reloaded.
# Globals:   none
# Arguments: none
# Outputs:   whatever systemctl prints
# Returns:   status of the last systemctl call
#######################################
restart_dns(){
        local unit
        for unit in unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole; do
                systemctl restart "$unit"
        done
}

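#######################################
# Regenerate the two unbound files that carry the local host names:
#   $LOCAL_DNS_FILE           - static records for the consultation LAN
#   $LOCAL_DNS_BLACKHOLE_FILE - view that redirects every other name to the portal
# Both start with the portal's own record, then get one A + PTR pair per usable
# line of $LOCAL_HOSTNAME_FILE. Blank lines, comments, non-IPv4 entries and
# names that could break the quoted local-data syntax are skipped instead of
# being written out (they used to produce records unbound cannot load).
# Globals:   INT_DNS_DOMAIN, INT_DNS_HOST, INT_DNS_IP, INT_DNS_IP_MASK, INTIF,
#            LOCAL_DNS_FILE, LOCAL_DNS_BLACKHOLE_FILE, LOCAL_HOSTNAME_FILE (read)
# Arguments: none
# Outputs:   overwrites the two unbound files
#######################################
function hosts_to_unbound(){  # configure the unbound conf file with local host names resolution (forward + blackhole)
        cat << EOF > "$LOCAL_DNS_FILE"
server:
        local-zone: "$INT_DNS_DOMAIN" static
        local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"
        local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"
EOF
        # The repeated "server:" line is reproduced as-is (unbound accepts more
        # than one server clause); the view redirects the whole "." zone to the portal.
        cat << EOF > "$LOCAL_DNS_BLACKHOLE_FILE"
server:
        server:
        interface: ${INT_DNS_IP}@56
        access-control-view: $INT_DNS_IP_MASK $INTIF
view:
        name: "$INTIF"
        local-zone: "." redirect
        local-data: ". A $INT_DNS_IP"
        local-zone: "$INT_DNS_DOMAIN" static
        local-data: "$INT_DNS_HOST.$INT_DNS_DOMAIN A $INT_DNS_IP"
        local-data-ptr: "$INT_DNS_IP $INT_DNS_HOST.$INT_DNS_DOMAIN"
EOF
        local ip_address domain
        # read splits the line on whitespace; "|| -n" keeps a last line without newline
        while read -r ip_address domain _ || [[ -n "$ip_address" ]]
        do
                # blank lines and comments
                [[ -z "$ip_address" || "$ip_address" == "#"* ]] && continue
                # only a dotted-quad IPv4 can become an A record ("::1 localhost" would
                # otherwise produce an invalid record)
                [[ "$ip_address" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || continue
                # the name is written between double quotes below: refuse anything
                # that is not a plain host name
                [[ "$domain" =~ ^[A-Za-z0-9._-]+$ ]] || continue
                # same exclusions as before: the portal itself (declared statically
                # above) and the loopback entries
                [[ "$domain" == "alcasar" || "$ip_address" == 127.0.0.* ]] && continue
                printf '\tlocal-data: "%s.%s A %s"\n' "$domain" "$INT_DNS_DOMAIN" "$ip_address" >> "$LOCAL_DNS_FILE"
                printf '\tlocal-data-ptr: "%s %s.%s"\n' "$ip_address" "$domain" "$INT_DNS_DOMAIN" >> "$LOCAL_DNS_FILE"
                printf '\tlocal-data: "%s.%s A %s"\n' "$domain" "$INT_DNS_DOMAIN" "$ip_address" >> "$LOCAL_DNS_BLACKHOLE_FILE"
                printf '\tlocal-data-ptr: "%s %s.%s"\n' "$ip_address" "$domain" "$INT_DNS_DOMAIN" >> "$LOCAL_DNS_BLACKHOLE_FILE"
        done < "$LOCAL_HOSTNAME_FILE"
}
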
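#######################################
# Validate the ip/domain pair given with --add/--del. Both values end up in
# /etc/hosts, in a sed pattern and, between double quotes, in the generated
# unbound files, so only a dotted-quad IPv4 and a plain host name are accepted.
# Arguments: $1 - IPv4 address, $2 - host name
# Outputs:   error message on stderr when a value is rejected
# Returns:   0 if both values are well formed, 1 otherwise
#######################################
check_host_args(){
        if ! [[ "$1" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]
        then
                echo "Invalid IP address : $1" >&2
                return 1
        fi
        if ! [[ "$2" =~ ^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$ ]]
        then
                echo "Invalid host name : $2" >&2
                return 1
        fi
        return 0
}

#######################################
# Remove the /etc/hosts line(s) for exactly this ip/domain pair. Dots are
# escaped (as plain regex "." they matched any character) and the name is
# anchored on the right, so deleting "host" no longer also deletes "host2".
# Globals:   SED, LOCAL_HOSTNAME_FILE (read)
# Arguments: $1 - IPv4 address, $2 - host name (both already validated)
#######################################
remove_host_entry(){
        local ip_re=${1//./\\.}
        local name_re=${2//./\\.}
        $SED -E "/^${ip_re}[ \t]+${name_re}([ \t]|\$)/d" "$LOCAL_HOSTNAME_FILE"
}

case $args in
        -\? | -h | --h)
                echo "$usage"
                exit 0
                ;;
        --add|-add) # add a local host resolution
                if [ "$nb_args" -ne 3 ]
                then
                        echo "$usage"
                        exit 1
                else
                        check_host_args "$2" "$3" || exit 1
                        # removing if already exists
                        remove_host_entry "$2" "$3"
                        # adding to the hosts file
                        printf '%s\t%s\n' "$2" "$3" >> "$LOCAL_HOSTNAME_FILE"
                        hosts_to_unbound
                        restart_dns
                fi
                ;;
        --del|-del) # remove a local host resolution
                if [ "$nb_args" -ne 3 ]
                then
                        echo "$usage"
                        exit 1
                else
                        # same rules as --add: an entry that could not have been
                        # added through this script is not touched either
                        check_host_args "$2" "$3" || exit 1
                        remove_host_entry "$2" "$3"
                        hosts_to_unbound
                        restart_dns
                fi
                ;;
        --reload|-reload) # regenerate the unbound files from /etc/hosts and restart
                hosts_to_unbound
                restart_dns
                ;;
        --hosts_to_unbound|-hosts_to_unbound) # regenerate only, no restart
                hosts_to_unbound
                ;;
        --off|-off) # disable DNS redirector
                #$SED "s?^#filterwin2k.*?filterwin2k?g" $DNSMASQ_CONF_FILE
                rm -f "$LOCAL_DOMAIN_CONF_FILE"
                $SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=off?g" "$ALCASAR_CONF_FILE"
                restart_dns

                # Reload firewall
                /usr/local/bin/alcasar-iptables.sh
                ;;
        --on|-on) # enable DNS redirector
                #$SED "s?^filterwin2k.*?#filterwin2k?g" $DNSMASQ_CONF_FILE
                # forward the portal's own domain to the internal resolver
                cat > "$LOCAL_DOMAIN_CONF_FILE" << EOF
server:
    local-zone: "$INT_DNS_DOMAIN." transparent
forward-zone:
        name: "$INT_DNS_DOMAIN."
        forward-addr: $INT_DNS_IP
EOF
                $SED "s?^INT_DNS_ACTIVE.*?INT_DNS_ACTIVE=on?g" "$ALCASAR_CONF_FILE"
                restart_dns
                # Reload firewall
                /usr/local/bin/alcasar-iptables.sh
                ;;
        *)
                echo "Argument inconnu : $1";
                echo "$usage"
                exit 1
                ;;
esac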